smaller errors eroding situational awareness.
From: Dave Aitel <dave () immunityinc com>
Date: Fri, 16 Aug 2013 14:38:26 -0400
Related Twitter threads here:
One thing you should pay attention to, as someone who works in IT security, is how the various assumptions change over
time. It used to be that managing your network security was how well you used a few simple product types. Essentially
we had network sniffers and network scanners of various sorts, along with the signature-based AVs. Most enterprises
remember having tons of network sniffer monkeys looking at logs and sniffer alerts and then trying to use that to
generate some level of activity. But that turns out to be mind-bogglingly expensive, and ineffective, as we have all
learned the hard way.
This then changed into how well you integrate and analyze information from these tools. The SIEM was born. The downside
being that sorting through massive amounts of noise to find tiny signals is by definition expensive, no matter how good
your tool is.
This is also true on the assessment side - small errors can add up to cloud your situational awareness. For example, in
the below referenced Twitter stream you can see a penetration tester scanning a network using a vulnerability
assessment tool, which then marks a potential ColdFusion bug as "medium". Part of this is because the National
Vulnerability Database marked it as having a CVSS score of 7.5, despite it being a remote, unauthenticated,
That said, if all you had was the Vulnerability Assessment data, you would probably relegate fixing this weakness to
"when I get around to it", which would explain all the nicely vulnerable ColdFusion boxes on the Interwebs.
So my conclusion here is that despite all thoughts to the contrary, CVSS, the NVD, and hence vulnerability risk
rankings do, in fact, matter.
As a post-script, Nessus has updated their score on this particular vulnerability. I emailed the NVD about it too.